Source | Azure Portal | ||
Display name | Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories | ||
Id | a96f743d-a195-420d-983a-08aa06bc441e | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this Audit and Accountability control | ||
Additional metadata |
Name/Id: ACF1118 / Microsoft Managed Control 1118
Category: Audit and Accountability
Title: Audit Review, Analysis, And Reporting | Correlate Audit Repositories
Ownership: Customer, Microsoft
Description: The organization analyzes and correlates audit records across different repositories to gain organization-wide situational awareness.
Requirements: Due to the size and complexity of the Azure environment, Azure utilizes log event forwarding tools to record events across all Azure assets and utilizes monitoring tools to automatically correlate and analyze the events gathered by each logging tool. Log reviews cannot be conducted manually in the Azure environment due to the high volume of events. Instead, Azure implements automated methods to perform review, analysis, and reporting of logs. Azure implements tooling such as Azure Security Monitoring (ASM) and SCUBA to directly alert the appropriate personnel of security-relevant events in a variety of ways, including Service 360 (S360) notifications, Incident Management (IcM) tickets, and work items. These tools utilize audit policies and detections that report events to the Microsoft Operations Center (MOC), Security Response Team, and service teams as appropriate. The policies are tuned to alert on events of immediate concern. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||
JSON |
|